Abstract
AbstractThis paper describes using casual games to capture and disseminate expert security knowledge with a digital model at a small company. Most companies in the global supply chain are Very Small Entities (VSE), meaning they employ five (5) to twenty‐five (25) people. These companies represent a risk because they have little to no security proficiency and limited resources and incentive to prioritize system security. Moreover, this is a hidden risk because the companies higher up in the supply chain rely on contractual mechanisms to enforce compliance with security requirements. Small companies rely on informal methods in their daily work and are resistant to change. Threat modelling in the context of Agile Model‐Based Systems Engineering (AMBSE) can provide VSEs with a structure that allows them to retain their informal operational agility. When modelling using games, the security expert plays the dual role of modeler and educator, and the engineering team is gaining security proficiency, improving the quality of both their current and future work. Players reported improved understanding of other stakeholders' perspectives. Agility, proficiency, and stakeholder alignment are among the critical foundation concepts identified by the INCOSE led Future of Systems Engineering Initiative (FuSE) to improve system security.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call